From 267dc439f1d5dc5ce5bce571f1d9d6d426aee15e Mon Sep 17 00:00:00 2001
From: ricola <ricola@poivron.org>
Date: Mon, 20 Apr 2026 13:09:14 -0600
Subject: [PATCH] Allow user to see their profile page

---
 vedia.rb                                  | 21 +++++++++++++++------
 views/admin.erb                           |  2 +-
 views/layout.erb                          |  2 +-
 views/{admin_users.erb => users_show.erb} |  4 +---
 4 files changed, 18 insertions(+), 11 deletions(-)
 rename views/{admin_users.erb => users_show.erb} (93%)

diff --git a/vedia.rb b/vedia.rb
index 080d054..b59f999 100644
--- a/vedia.rb
+++ b/vedia.rb
@@ -218,6 +218,11 @@ post '/logout' do
   redirect '/login'
 end
 
+get '/users/:id' do
+  require_admin_or_self
+  erb :users_show
+end
+
 get '/admin' do
   require_admin
   @users = User.all
@@ -225,12 +230,6 @@ get '/admin' do
   erb :admin
 end
 
-get '/admin/users/:id' do
-  require_admin
-  @user = User.find(params[:id])
-  erb :admin_users
-end
-
 get '/admin/users/:id/organizers/:vote/delete' do
   require_admin
   rating = Organizer.where(user: params[:id]).where(vote: params[:vote]).each do |organizer|
@@ -652,6 +651,12 @@ helpers do
     redirect '/' unless is_admin
   end
 
+  def require_admin_or_self
+    require_login
+    find_user
+    redirect '/' unless is_admin or current_user == @user
+  end
+
   def find_vote
     @vote = Vote.find_by(secure_id: params[:id])
   end
@@ -660,6 +665,10 @@ helpers do
     @candidate = Candidate.find(params[:cid])
   end
 
+  def find_user
+    @user = User.find(params[:id])
+  end
+
   def all_users_sorted
     User.all.each.sort_by { |user| user.email }
   end
diff --git a/views/admin.erb b/views/admin.erb
index 3f7607d..267cdb2 100644
--- a/views/admin.erb
+++ b/views/admin.erb
@@ -14,7 +14,7 @@
   </thead>
   <% @users.sort_by { |user| user.email }.each do |user| %>
     <tr>
-      <td><a href="/admin/users/<%= user.id %>"><%= user.email %></a></td>
+      <td><a href="/users/<%= user.id %>"><%= user.email %></a></td>
       <td><%= format_date(user.created_at) %></td>
       <td><%= user.admin %></td>
       <td><%= user.votes.length %></td>
diff --git a/views/layout.erb b/views/layout.erb
index e9e1e9f..26de47b 100644
--- a/views/layout.erb
+++ b/views/layout.erb
@@ -40,7 +40,7 @@
 
       <div class="d-flex flex-wrap justify-content-end pe-3 py-3 mb-4">
         <% if current_user %>
-          <%= current_user.email %>
+          <a href="/users/<%= current_user.id %>"><%= current_user.email %></a>
         <% else %>
           &nbsp;
         <% end %>
diff --git a/views/admin_users.erb b/views/users_show.erb
similarity index 93%
rename from views/admin_users.erb
rename to views/users_show.erb
index 8868df4..0101801 100644
--- a/views/admin_users.erb
+++ b/views/users_show.erb
@@ -1,6 +1,4 @@
-<h1 class="mb-5"><%= _("Admin") %></h1>
-
-<h2 class="mb-4"><%= @user.email %></h2>
+<h1 class="mb-5"><%= @user.email %></h1>
 
 <p><%= _("Created: %{date}") % { date: format_date(@user.created_at) } %></p>